Computer Safety and Security Lori M. Bennett Information Security Officer


Post on 26-Dec-2015


Page 1: Computer Safety and Security Lori M. Bennett Information Security Officer

Computer Safety and Security

Lori M. Bennett, Information Security Officer


The Internet = A World of Opportunities

A myriad of information is at your fingertips

• A way to communicate with colleagues, friends, and family

• Access to information and entertainment

• A means to learn, meet people, and explore

04/19/23 Frostburg State University

Office of Information Technology


“With great power there must also come great responsibility”

- Stan Lee


Online Security vs Online Safety

Security: We must secure our computers with technology in the same way that we secure the doors to our homes.

Safety: We must act in ways that help protect us against the risks that come with Internet use.


Primary Online Risks and Threats

To Personal Information (Safety)

• Online fraud and phishing

• Hoaxes

• Identity theft

• Spam

To Computers (Security)

• Viruses

• Worms

• Trojans

• Spyware

• Adware


Primary Threats to Computer Security

Viruses/Worms: Software programs designed to invade your computer, and copy, damage, or delete your data.

Trojans: Viruses that pretend to be helpful programs while destroying your data, damaging your computer, and stealing your personal information.

Spyware/Adware: Software that tracks your online activities or displays endless ads.


Four Steps to Help Protect Your Computer

Turn on Windows Internet firewall

Use Microsoft Update to keep Windows up-to-date automatically

Install and maintain antispyware software

Install and maintain antivirus software


Turn on Windows Internet Firewall

• The firewall helps create a protective barrier between your computer and the internet

• Some antivirus programs also come with a firewall


Click Start, Control Panel, Windows Firewall, then “Turn Windows Firewall on or off”

Select “Turn on Windows Firewall” for all networks


Use Automatic Updates to Keep Software Up-to-date

• Install all updates as soon as they are available

• Automatic updates provide the best protection

• Enabled by default on FSU computers


Click Start, Control Panel, then Windows Update, and “Change Settings”

Select “Install updates automatically”

Notice the install time and be sure your computer is turned on

Or visit http://update.microsoft.com


Also keep Java, Flash, and other add-on programs up to date

• These programs will prompt you when updates are available

• Always install as soon as possible


Install and Maintain Antivirus Software


• Antivirus software helps to detect and remove computer viruses before they can cause damage.

• For antivirus software to be effective, you must keep it up-to-date.

Don’t let it expire


Install and Maintain Antispyware Software

• Use antispyware software, such as Malwarebytes, so unknown software cannot track your online activity and potentially steal your information.

• Many antivirus programs now include antispyware


Malwarebytes

Free download from: https://www.malwarebytes.org

Should be updated and run regularly just as you would your antivirus program


Other Ways to Help Protect Your Computer

Back up your files regularly

Read Web site privacy statements and EULAs

Close pop-ups using Alt+F4

Think before you click

Back up Your Files

At FSU, make sure to store important information on network drives

Save to CD/DVD, a USB drive, or other external source

Use a Web-based backup service such as http://www.onedrive.com


Read Privacy Statements

Understand what you are getting before you agree to download or share your personal information

Read End User License Agreements (EULAs) before clicking “Agree” or “Accept”


Use Alt+F4 to Close Pop-ups

Never click “yes,” “accept,” or even “cancel” or “abort” because it could be a trick that installs software on your computer.


Always press Alt+F4 on your keyboard to close pop-ups


Think Before You Click


Be cautious with e-mail attachments and links

Only download files from Web sites you trust

Use a web site advisor program such as McAfee Site Advisor


Download free from http://www.siteadvisor.com


Internet Explorer Settings

Open Internet Explorer and click the cog in the upper right corner, then Internet Options

Security level for Internet should be at least Medium-High (or click Default Level)


Primary Threats to Personal Online Safety

Spam: Unwanted e-mail, instant messages, and other online communication

Phishing: E-mail sent by online criminals to trick you into going to fake Web sites and revealing personal information

Identity Theft: A crime where con artists get your personal information and access your cash and/or credit

Hoaxes: E-mail sent by online criminals to trick you into giving them money


Three Steps to Help Protect Your Personal Information

Practice Internet behavior that lowers your risk

Manage your personal information carefully

Use technology to reduce nuisances, and raise the alarm when appropriate


Practice Internet Behaviors that Help Reduce Your Risk

Look for ways to reduce spam

Be on the lookout for online scams

Use strong passwords


Ways to Reduce Spam

You can usually tell a spam message by its title, so never open those messages; delete them right away!

Never reply to a spam message or click its “remove me” links; doing so will generate MORE spam

Create a free online email account (Yahoo, MSN, Gmail) and use that account for offers online


Avoid Online Scams

Seven telltale signs of a scam:

1. You don't know the person and they are not with a reputable company.

2. You are promised untold sums of money for little or no effort on your part.

3. You are asked to provide money up front for questionable activities, a processing fee, or to pay the cost of expediting the process.

4. You are asked to provide your bank account number or other personal financial information, even if the sender offers to deposit money into it.

5. The request contains a sense of urgency.

6. The person repeatedly requests confidentiality.

7. The person offers to send you photocopies of government certificates, banking information, or other "evidence" that their activity is legitimate (these are fake).


Use Strong Passwords

http://www.microsoft.com/protect/yourself/password/checker.mspx


How secure is your password???


Choosing secure passwords

Do Not:

Use your name or your Username in any form

Use your spouse's, child's or pet’s name

Use other information easily obtained about you (License plate, telephone, or social security numbers, brand of your automobile, street address, etc.)

Use words found in dictionaries


Choosing secure passwords

Do:

Use a password with mixed-case alphabetic characters

Use a password with non-alphabetic characters (e.g., digits or punctuation)

Use a password that is easy to remember, so you don't have to write it down

Try using the first letter of each word in a long phrase, then substitute caps and symbols


Choosing a secure password

Examples of Bad Passwords: johnd, dnhoj, johndjohnd, JOHND, ABC123D, StarWars, 0123456789, xxx999, mydogRover, truck, ILoveTom

Examples of Good Passwords: WAter5, Si11ymE, Ez24get, Mt4bwY


FSU Password Requirements

Password must be a minimum length of eight characters

Password cannot contain all or part of your User name

At least 10 unique passwords must be used before a password can be reused

Password must contain a combination of three of the following categories: uppercase characters (A thru Z), lowercase characters (a thru z), numeric (1 thru 9), and non-alphabetic characters (!,@,#,$,%, etc.)
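The password rules on this slide, written out as a checker and run against the deck's own example passwords. This is an added example, not FSU's code; the 3-character username fragment, counting 0 as a digit, and the PBKDF2-hashed history format are assumptions.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 8         # slide: minimum length of eight characters
MIN_CATEGORIES = 3     # slide: three of the four character categories
HISTORY_DEPTH = 10     # slide: 10 unique passwords before one can be reused
MIN_NAME_PART = 3      # assumption: "part of your User name" = any 3+ char run


def hash_password(password, salt=None):
    """Return (salt, digest) so the history never holds plaintext."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def categories_used(password):
    """Count how many of the slide's four character categories appear."""
    return sum((
        any(c in string.ascii_uppercase for c in password),
        any(c in string.ascii_lowercase for c in password),
        any(c in string.digits for c in password),  # assumption: 0 counts
        any(c in string.punctuation for c in password),
    ))


def contains_username_part(password, username):
    """True if the whole name, or any MIN_NAME_PART-long run of it, appears."""
    pw, user = password.lower(), username.lower()
    if len(user) <= MIN_NAME_PART:
        return bool(user) and user in pw
    return any(user[i:i + MIN_NAME_PART] in pw
               for i in range(len(user) - MIN_NAME_PART + 1))


def check_password(password, username, history=()):
    """Return the list of violated rules; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if contains_username_part(password, username):
        problems.append("contains username")
    if categories_used(password) < MIN_CATEGORIES:
        problems.append("too few categories")
    # Only the most recent HISTORY_DEPTH entries block reuse.
    for salt, digest in list(history)[-HISTORY_DEPTH:]:
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            problems.append("reused")
            break
    return problems


if __name__ == "__main__":
    # Passwords quoted on the deck's example slide, plus one constructed value.
    for pw in ("johndjohnd", "StarWars", "WAter5", "Mt4bwY", "Tr1cky#Lamp"):
        print(f"{pw!r}: {check_password(pw, 'johnd') or 'ok'}")
```

Under these rules the four "good" examples from the earlier slide (WAter5, Si11ymE, Ez24get, Mt4bwY) come back as too short, since each has fewer than eight characters.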


Manage Personal Information Carefully

Do not share personal information in e-mail or instant messages

Use only secure and trusted Web sites

Make sure you are where you think you are: Web sites can be faked

Avoid financial transactions over unsecured wireless networks

When in public, stay private


Have you been Phished?

Phishing is a type of deception designed to steal your valuable personal data, such as credit card numbers, passwords, account data, or other information.

Phishers send an email to get you to go to a web site where you are fooled into exposing your passwords or even banking information so they can take the money in your account.


Sample Phishing email from a bank


Sample Phishing email sent to FSU users

From: Webmaster [mailto:[email protected]]
Sent: Thursday, March 10, 2011 5:25 AM
Subject: User Quarantine Release Notification

Hello,

We are carrying out a routine quarantine exercise . we have started our yearly server (inactive email-accounts / spam protecting etc) clean-up process to enable service upgrade/migration efficiency. Please be informed that your account usage will be fully restricted if you do not adhere to this notice.

You are to provide your account details for immediate Quarantine by clicking on your reply button to respond as follows (This will confirm your account login/usage Frequency / account continuation potentials):

*Username:
*Password:
*Alternate Email:

All IT Service utilities will not be altered during this period, This will not affect the operation of your IT service systems or the manner in which you currently login to your account.

Account access and usage will be disabled if you fail to comply as required.

Help Desk
Information Technology © 2011 All rights reserved


Ways to Tell that an Email Message is Fraudulent

Phrases to look for:

"Verify your account."

"If you don't respond within 48 hours, your account will be closed."

"Dear Valued Customer."

"Click the link below to gain access to your account."
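The phrases above as a small rule set, run over an abridged copy of the FSU sample message and two constructed messages. This is an added example, not part of the original slides; the rule names and the two extra rules in SAMPLE_RULES are assumptions.

```python
import re

# Phrases quoted on the slide, as case-insensitive patterns.
SLIDE_RULES = {
    "verify-account": r"verify your account",
    "deadline-threat": r"if you don.?t respond within \d+ hours",
    "generic-greeting": r"dear valued customer",
    "link-lure": r"click the link below",
}
# Assumption: two extra rules generalised from the FSU sample message;
# they are not on the slide.
SAMPLE_RULES = {
    "credential-request": r"\bpassword\s*:",
    "access-threat":
        r"\b(account|access)\b[^.]{0,60}\b(disabled|restricted|closed)\b",
}
ALL_RULES = {**SLIDE_RULES, **SAMPLE_RULES}

# Abridged from the sample message sent to FSU users (earlier slide).
FSU_SAMPLE = """Please be informed that your account usage will be fully
restricted if you do not adhere to this notice. You are to provide your
account details by clicking on your reply button to respond as follows:
*Username:*Password:*Alternate Email:
Account access and usage will be disabled if you fail to comply as required."""

# Constructed message that uses the slide's four phrases.
BANK_STYLE = """Dear Valued Customer, please verify your account.
If you don’t respond within 48 hours, your account will be closed.
Click the link below to gain access to your account."""

# Constructed benign message.
BENIGN = "Hi Lori, the staff meeting moved to 3 pm. The agenda is attached."


def scan_message(text, rules):
    """Return the sorted names of the rules that match the message text."""
    flat = " ".join(text.split())  # undo line wrapping before matching
    return sorted(name for name, pattern in rules.items()
                  if re.search(pattern, flat, re.IGNORECASE))


if __name__ == "__main__":
    for label, msg in (("fsu", FSU_SAMPLE), ("bank", BANK_STYLE),
                       ("benign", BENIGN)):
        print(label, scan_message(msg, SLIDE_RULES),
              scan_message(msg, ALL_RULES))
```

The FSU sample contains none of the slide's four phrases, so the phrase list alone returns nothing for it; only the credential-request and access-threat rules flag it.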


How to Protect Yourself

Never follow links or call phone numbers listed in an email. Type the company’s URL directly in a new browser window, or call the number listed on your statement.

When in doubt, delete. Delete any email you have doubts about, especially one that requests you to give up your personal, private information.

If you feel the email looks suspicious, report the email to the 'real' company.


How to shop online more safely

Before you select a store:

Do a background check. Look for a physical address (not a Post Office box), request a catalog by mail, or call and talk to a company representative.

Explore the Web site for third-party seals of approval such as: BBBOnline (Better Business Bureau Online) or TRUSTe

Find out what other shoppers have to say (Epinions or Bizrate)

Review their shipping methods and policies


Before You Enter a Credit Card Number

The company should only require personal information that's necessary to complete the purchase (you will probably enter your credit card number, address, and telephone number).

The Web site should use secure technology. When you get to the screen where you enter your credit card number or other personal information, make sure that the Web address begins with https (for example, https://www.tailspintoys.com) and check to see if a tiny locked padlock appears next to the URL.


Use Public Wireless Networks More Safely

If a wireless network is unsecured:

Use a firewall

Don't type in credit card numbers or passwords

Turn off your wireless network when you're not using it


Check your Social Network settings

Do you know what other people can see on your Facebook or Twitter page?

Be careful what you post

“If you can’t say something nice, don’t say nothing at all”

Google yourself!

Secure Your Wireless at Home

It's one thing to let a neighbor borrow your lawn mower, but you should think twice about allowing anyone to access your home network!

Out of the box, many wireless routers are completely unsecured


Wireless networks often extend more than 300 feet from your wireless router.


Tips for Wireless Home Network Security

Change Default Administrator Passwords (and Usernames)

Turn on (Compatible) WPA / WPA2 Encryption

Change the Default SSID

Disable SSID Broadcast

Enable Firewalls On Each Computer and the Router

Position the Router or Access Point Safely

Turn Off the Network During Extended Periods of Non-Use

Change passwords and WPA / WPA2 keys regularly


For More Information


http://www.staysafeonline.org

www.getnetwise.org

https://www.us-cert.gov/home-and-business

www.microsoft.com/protect/default.mspx

www.microsoft.com/protect/yourself/password/create.mspx

http://www.microsoft.com/security/online-privacy/email.aspx